+++ This bug was initially created as a clone of Bug #150232 +++ A race window has been discovered where Set-Cookie headers may leak to another users if the requested server relies on the now (since 1997) obsolete Netscape Set-Cookie specifications in how caches should handle the Set-Cookie header on otherwise cacheable content. http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
This issue should also affect FC2.